benjojo blog

Flexing the Windows RRAS BGP implementation At this point I am a bit of a BGP protocol implementation connoisseur thanks to

Better IX network quality monitoring This post is a textual version of a talk I gave at the first NetUK. You can watch the talk on YouTube that was recorded by the wonderful AV team below if that’s your preferred medium:

Reclaiming IPv4 Class E’s 240.0.0.0/4 A video recording of

Sysadmin friendly high speed ethernet switching I’ve been on the lookout for a ethernet switch that I don’t hate, the problem with a lot of higher

Signed but not secure At the start of the year a very interesting (and some would say inevitable) event happened involving internet routing security, the first case study of a large-scale victim o

Appreciation of automated IX Quarantine LAN testing Something that bgp.tools (my company) does a great deal is joining internet exchanges.

Where is all of the fediverse? Spurred on by the problems at Twitter, a lot of my social media timeline has “moved out” of Twitter/“X” on to what people mostly describe as mastodon or

The browsers biggest TLS mistake Much like a previous talk of mine at Chaos Computer Congress this blog post is a direct write-up of a talk, if you prefer to consume this kind

Grave flaws in BGP Error handling Border Gateway Protocol is the de facto protocol that directs routing decisions between different ISP networks, and is generally known as the “glue”

Driver adventures for a 1999 webcam We generally know that when we buy a piece of technology that it will not last forever, connectors wear out and/or go out of fashion. But I think the most frust

Going multipath without Multipath TCP Gigabit ethernet has been around for a long time, it’s so ubiquitous that there is a very strong chance that if you have a RJ-45 port on your compu

Who is squatting IPv4 addresses? It’s an established fact on the internet that we have ran out of IP(v4) addresses, and we are st

LTO Tape data storage for Linux nerds Tape storage is surprisingly not dead! If you are here then you may be considering using LTO tape as part of your backup or your long t

Ghost in the ethernet optic A few months ago I stumbled on a tweet pointing out a kind of [SFP optic](https://en.wikiped

One of these JPEGs is not like the other “JPEG” or the image encoding specification by the “Joint Photographic Experts Group” (JPEG) is a truly universal format at this stage. You really cannot go very far on the internet without seeing a JPEG file

Imaging mounted disk volumes under duress Backups are critical. If you are lucky and organised you have a set of useful backup primitives, such as Point in Time snapshots on your Infra

Hunting down the stuck BGP routes BGP is the glue between all of the thousands of border routers that make up the internet (you can find this post (battleships) and [this post (EvE)](https://blog.b

Splitting the ping Ping is one of the fundamental pillars of networking. It’s simple, universally supported, and is normally one of the f

Hacking Ethernet out of Fibre Channel cards This story, like another in the past, started as an eBay purchase that I wo

Stressing the network when it’s already down [Impact by Eric Wienke, edits by Ben Cartwright-

How 1500 bytes became the MTU of the internet Translations

Writing userspace USB drivers for abandoned devices Transl

You cannot cURL under pressure cURL. The wonderful HTTP plumbing tool that powers both a lot of command line debugging and bash scripts, but also exists as a strong foundation in our applications in the form of libcurl.

The year of RPKI on the control plane This post is a textual version of the talk I gave at NLNOG 2019, You can watch the recording of the talk on youtube below if that’s your preferred medium: https://www.

Teaching a cheap ethernet switch new tricks Ethernet rules everything around us, a large proportion of our systems communicate to each other with ethernet somewhere in the line. And the fast pac

The speed of BGP network propagation td > p{margin:0;color:#000000;font-size:11pt;}table td,table th{padding:0}.c5{border-right-style:solid;padding:2pt 2pt 2pt 2pt;border-bottom-color:#cccccc;border-top-width:1pt;border-right

What would a EvE online Internet look like? Translations a

A dive into the world of MS-DOS viruses Translations are available in:

The state of RPKI: Q4 2018 In the fall I did a blog post and talk on RPKI about how the current methods of measuring RPKI deployment are broken because they do not take

From VNC to reverse shell Personal websites are weird. We are mostly past the era of having them, as things like twitter and hosted blog services like Medium have taken them over, but I’m a hold out. I run both my own blog, and have a landing page

Are BGPs security features working yet? Translations are a

Building telemetry for tea aka Tealemetry As a British person, I admittedly conform to the stereotype of tea consumption, and giving I’ve been consuming tea for most of my life I have gained opinions on all kinds of tea based variables. The bigge

The death of a TLD Another one bites the dust. The gTLD gold rush is now seeing a steady flow of TLD’s that clearly just didnt work out. In the last week, ICANN removed the documentation

Calling the world cup goals 5 seconds before they happen It’s that time again where once every 4 years people get very hyped over kicking a ball around a grass pitch, however this time my own country is actually doing pretty well! At the time of wr

The ISPs sharing your DNS query data DNS is fundamental to how the web works, and for most of the population it’s completely transparent. Everything on the web is accessed by a DNS name. Since DNS is an old protocol ([November 1987 in fact](http

x86 assembly doesn’t have to be scary (interactive) Assembly programming can be intimidating for people who have never looked into it any deeper than a glance, but giving that it underpins how the computers we use work it can be helpful having cont

Payments with less of the evil I hate card networks. Visa and MasterCard are a pair of companies that I feel definitely make the world a worse place to live in, due to the fact that they sit in front of a critical part of how modern society wo

Playing battleships over BGP BGP is the glue of the internet. For a protocol that was produced on two napkins in 1989 it is both amazing and horrifying that it runs almost all of the

Yubikey/Smartcard backed TLS servers It has become clear that storing secrets in computers is hard. The best demo to the world that storing secrets on “online” computers is hard and sometimes

Making art with SSH key randomart SSH is everywhere in the development or operations world now. For development it’s what allows you to push to GitHub. For operations it’s what allows you to reasonably securely log into Linux servers. SSH

Mapping the whole internet with Hilbert curves Translations are available in:

Encoding data in dubstep drops [Warning: Those who can’t stand EDM/dubstep, oh boy do I have bad news for you in regards to this blog post] Dubstep songs are often criticized as sounding extremely computer generated and often just too aggressi

Giving every Tor Hidden Service a IPv6 address Tor has a neat feature called Onion Services [(A)](https://web.archive.org/web/20180330000120/https://www.torproject.org/docs/onion-services.h

DNSFS. Store your files in others DNS resolver caches A while ago I did a blog post about how long DNS resolvers hold results in cache for, using RIPE Atlas probes testing against their default resolvers (in a lot of cases, the DNS cache on their m

A surprising amount of people want to be in North Korea While the president of the United States and the leader of North Korea were/are currently beefing on Twitter about who should destroy the world first, North Korea was also causing me some pers

Email delivery is stuck on IPv4 Generally speaking there is nothing that people want to talk about less than email delivery and for good reason, Email is continuously seen as one of those archaic protocols that everyone wants to improve but unfortu

Traceroute Haiku’s Sometimes I like to think that I do “serious” blog posts like “The strange case of ICMP Type 69 on Linux” or [“Anycast possibly done better”](https://blog.benjojo.co.uk/post

IP over AX.25 over 802.11 with ESP8266 I love obscure protocols, and while most of the world’s legacy X.25 equipment is slowly being shut down. It’s amateur radio derivative AX.25 is getting along pretty wel

IPv6 anycast possibly done better Anycasting IP space has become quite a meme in the networking world in the last few years, with it being used sparsely in the past for UDP based services like DNS. Now it’s being used for TCP based services too,

Building a legacy search engine for a legacy protocol Translations are availa

Just how long do DNS resolvers cache last? I’m sure this has been done before, but you do hear stories from time to time where someone will either drop or increase their DNS TTL’s and either see a massive difference, or none at all. A lot of pro

Monitoring SNMP less devices with ease In the consumer world you will likely encounter networking devices that don’t have a easy way to poll for their network stats, or in some cases you hate

Ludicrously cheap HDMI capture for Linux Lately I have had the need to do real time video capture from HDMI devices as o

TOTP SSH port fluxing Some people change their SSH port on their servers so that it is slightly harder to find for bots or other nasties and while that is generally viewed as an action of [security through obscurity](https://en.wikipedia.org/wiki/S

I may be the only evil (bit) user on the internet Almost every year a joke RFC is made on April 1st (these have caught on so well, that it’s now common to see more than one of these every year

The strange case of ICMP Type 69 on Linux I run collectd stats on many of my servers and one thing I enable on some (but not all) of the

robots.txt usage over the Alexa million a:link{color: #02008A;};a:visited{color: #02008A;} If you ever had to deal with bots while running a site you will have at least at some point looked into robots.txt, a system that isn’t rea

Propagation slow? Sound the alarms! This is a blog post that I had written for my employer CloudFlare You can find the full link here CloudFlare operates a

Auditing GitHub users’ SSH key quality Translations are available in:

YAMware Old Malware can still be fun! (Side note, this blog post was written and then forgotten about quite a while ago, So I’ve finished it off, it was halfway done.) While on holiday in the evenings with downtime to spare, I had realised that

Detecting anycast addresses and more Anycast networks are a pretty interesting way to fix quite a few issues with networked services that involve needing global spread. One of the interesting things is that a computer cannot really tell (unless it